Pgadmin Manager
AdvisoryAudited by Static analysis on May 10, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing and starting the skill runs code from the pgAdmin Docker image on the local machine.
The skill runs a third-party Docker image by tag. This is central to providing pgAdmin, but users rely on that image's provenance and Docker tag integrity.
image: dpage/pgadmin4:8.6
Use it only if you trust the pgAdmin image source; for stricter environments, pin the image by digest and verify provenance.
Starting the skill will create or run a local Docker container and attach it to the configured Docker network.
The start command mutates the local Docker environment by creating/running the pgAdmin container. This matches the skill purpose and is user-directed.
docker compose -f "$COMPOSE_FILE" up -d
Run start/stop intentionally and inspect the compose file if local Docker environment changes matter to you.
Anyone with local access to the service and these defaults could administer the local development database.
The skill discloses default pgAdmin and PostgreSQL development credentials, enabling database administration through the local UI.
Login: `admin@codai.local` / `pgadmin` ... **User**: `codai` / **Password**: `pgpass`
Keep this for local development only, change default passwords for shared/non-local environments, and avoid connecting it to sensitive databases.
PgAdmin configuration can remain on disk after stopping the container.
The artifacts explicitly retain pgAdmin server configuration across container restarts. This is useful, but it means saved connection details persist.
Server configurations are persisted in a named volume (`pgadmin_data`).
If you do not want saved server configurations to persist, intentionally remove the Docker volume as documented.
The pgAdmin service may keep running or restart after a reboot unless you stop it.
The container is configured to restart automatically until explicitly stopped. This persistence is disclosed and purpose-aligned.
restart: unless-stopped
Use the provided stop command when finished, and check Docker if you do not want the service to remain available locally.